https://bz.apache.org/bugzilla/show_bug.cgi?id=62232

--- Comment #23 from Yann Ylavic <ylavic....@gmail.com> ---
I could verify my assertions with a configuration like this:

Listen 8443
<VirtualHost *:8443>
    ServerName localhost:8443

    SSLEngine on
    SSLProtocol -all +TLSv1.2
    ...
</VirtualHost>

Listen 8880
<VirtualHost *:8880>
    ServerName localhost:8880

    <Location "/">
        SSLOptions StdEnvVars
    </Location>

    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyProtocol TLSv1
    <Proxy "https://localhost:8443">
        SSLProxyProtocol TLSv1.2
    </Proxy>
    ProxyPass / https://localhost:8443/
    ...
</VirtualHost>

Now I test a request on http://localhost:8080/, which should be forwarded to
https://localhost:8443/ using TLSv1.2.

With no patch (vanilla 2.4.33), I get the "SSL Library Error:
error:140BA0C3:SSL routines:SSL_new:null ssl ctx" because of the <Location>
section. This issue is resolved by both Rainer's and my patch.

With Rainer's patch, the forwarding happens using TLSv1.0 (which fails).
With my patch it works as expected (using TLSv1.2). 

So I don't think it makes a difference to use either patch for your current
production case, but for next 2.4 we probably will go with my patch.
